I am new to PHP, I tried editing a source code posted on a website.
I wanted to add ‘name’ and a radio button ‘type’ to be inserted into the database with ‘phone’ and ‘password’. But it inserts the data without name and type. What should I do?
PHP:
<?php
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$name = $phone = $password = $confirm_password = "";
$name_err = $phone_err = $password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate phone
if(empty(trim($_POST["phone"]))){
$phone_err = "Please enter a phone.";
} elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["phone"]))){
$phone_err = "phone can only contain numbers.";
} else{
// Prepare a select statement
$sql = "SELECT id FROM users WHERE phone = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_phone);
// Set parameters
$param_phone = trim($_POST["phone"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$phone_err = "This phone is already registered.";
} else{
$phone = trim($_POST["phone"]);
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Validate password
if(empty(trim($_POST["password"]))){
$password_err = "Please enter a password.";
} elseif(strlen(trim($_POST["password"])) < 6){
$password_err = "Password must have atleast 6 characters.";
} else{
$password = trim($_POST["password"]);
}
// Validate confirm password
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = "Please confirm password.";
} else{
$confirm_password = trim($_POST["confirm_password"]);
if(empty($password_err) && ($password != $confirm_password)){
$confirm_password_err = "Password did not match.";
}
}
// Check input errors before inserting in database
if(empty($name_err) && empty($phone_err) && empty($password_err) && empty($confirm_password_err)){
// Prepare an insert statement
$sql = "INSERT INTO users (name, phone, password, type) VALUES (?, ?, ?, ?)";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssss", $name, $param_phone, $param_password, $type);
// Set parameters
$param_phone = $phone;
$param_password = password_hash($password, PASSWORD_DEFAULT);
// Creates a password hash
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
header("location: login.php");
}
else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($link);
}
?>
Here is the form containing inputs: ‘name’, ‘phone’, ‘password’ and a radio button: ‘type’
HTML
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">
<div class="form-group">
<label>Name</label>
<input type="text" name="name" class="form-control <?php echo (!empty($name_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $name; ?>">
<span class="invalid-feedback"><?php echo $name_err; ?></span>
</div>
<div class="form-group">
<label>Phone</label>
<input type="text" name="phone" class="form-control <?php echo (!empty($phone_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $phone; ?>">
<span class="invalid-feedback"><?php echo $phone_err; ?></span>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $password; ?>">
<span class="invalid-feedback"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $confirm_password; ?>">
<span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<h4 style="color:grey;">How do you define yourself?</h4><br>
<input class="input3" type="radio" name="type"
value="<?php echo $type; ?>" checked />
<label class="label" for="control_01">
<h6>I am a Patient</h6>
</label>
<br>
<input class="input3" type="radio" name="type"
value="<?php echo $type; ?>">
<label class="label" for="control_02">
<h6>I am a Doctor</h6>
</label>
</div>
<br>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-secondary ml-2" value="Reset">
</div>
<p>Already have an account? <a href="login.php">Login here</a>.</p>
</form>
>Solution :
- Set the value of each radio button to a text instead of
<?php echo $type; ?>or else it will always return and empty value (since$type = ''). - Tweak you PHP a little bit so something like this
<?php
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$name = $phone = $password = $confirm_password = $type = "";
$name_err = $phone_err = $password_err = $confirm_password_err = $type_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate name
if(empty(trim($_POST["name"]))){
$name_err = "Please enter a name.";
} else{
$name = trim($_POST["name"]);
}
// Validate phone
if(empty(trim($_POST["phone"]))){
$phone_err = "Please enter a phone.";
} elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["phone"]))){
$phone_err = "phone can only contain numbers.";
} else{
// Prepare a select statement
$sql = "SELECT id FROM users WHERE phone = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_phone);
// Set parameters
$param_phone = trim($_POST["phone"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$phone_err = "This phone is already registered.";
} else{
$phone = trim($_POST["phone"]);
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Validate password
if(empty(trim($_POST["password"]))){
$password_err = "Please enter a password.";
} elseif(strlen(trim($_POST["password"])) < 6){
$password_err = "Password must have atleast 6 characters.";
} else{
$password = trim($_POST["password"]);
}
// Validate confirm password
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = "Please confirm password.";
} else{
$confirm_password = trim($_POST["confirm_password"]);
if(empty($password_err) && ($password != $confirm_password)){
$confirm_password_err = "Password did not match.";
}
}
// Validate type
if(empty(trim($_POST["type"]))){
// $type_err = "Please enter a type.";
} else{
$type = trim($_POST["type"]);
}
// Check input errors before inserting in database
if(empty($name_err) && empty($phone_err) && empty($password_err) && empty($confirm_password_err)){
// Prepare an insert statement
$sql = "INSERT INTO users (name, phone, password, type) VALUES (?, ?, ?, ?)";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssss", $param_name, $param_phone, $param_password, $param_type);
// Set parameters
$param_name = $name;
$param_phone = $phone;
$param_password = password_hash($password, PASSWORD_DEFAULT);
$param_type = $type;
// Creates a password hash
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
header("location: login.php");
}
else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($link);
}
?>